5 things to consider when testing the SD-WAN waters

Companies looking to find the perfect SD-WAN solutions inevitably ask questions about testing. Since choosing an SD-WAN solution for your company is a big decision, it’s important to choose a vendor whose strengths and nuances best fit your company’s network environment.

But testing SD-WAN solutions isn’t simple. There are many vendors to choose from with a range of options and features. When selecting an SD-WAN solution, some of the things to test for are failover, application performance, usability, and scalability. Even though an SD-WAN node has very little which requires performance testing, you’ll still need to make sure it meets your network’s unique needs.

Here are some pointers for testing SD-WAN solutions for your company gathered from my experiences.

Ease of Usability

Testing the usability of each solution is incredibly important to choosing the right SD-WAN. You’ll need to choose and set the parameters which optimize the solution’s performance in your specific situation.

When testing for usability, develop a set of tasks that will be examined across products. These tasks should reflect the common actions performed on an SD-WAN — adding new locations, reconfiguring existing SD-WAN nodes, adding or removing users, and so on. Perform these tasks across all vendors, ideally in a multi-site deployment.

If you have an MPLS network, play with the settings a bit and check what happens when you reduce dependency on the MPLS. The lower the dependency on MPLS, the higher the benefits of SD-WAN.

Failover

SD-WAN solutions offer a range of failover capabilities in case of a circuit outage. Simply detecting broken links would be easy. However, most failures are not so binary. They’re dynamic, consisting of momentary pauses that lead to packet drops. These failures are more difficult to diagnose, and deciding when it’s okay to switch back can be complex.

The different SD-WAN products handle such network brownouts and failures differently. In addition to pulling a cable to see how the SD-WAN fails over, recreate momentary outages with a range of packet loss rates and periods of excessive congestion.

Path Selection

SD-WAN allows you to split traffic between low-cost VPNs and expensive dedicated links. To use this capability, though, you’ll need a solution which can differentiate between high-priority traffic and lower-priority traffic.

Each SD-WAN vendor has algorithms to help determine which traffic takes higher or lower priority. Some make those decisions flow-by-flow, others packet-by-packet. Each has its strengths. Make sure you understand the differences, and be sure you can adjust them manually as needed and that they work as expected and required.

Scalability

This is an important consideration, especially if you have a larger network. Does your company need a full mesh network, or can it use hub-and-spoke technology? Full mesh requires tunnels between all locations, which increases memory and processing on the edge nodes. More importantly it means that you need the management tools to make deploying, configuring and managing those tunnels en masse easy. Hub-and-spoke require less resources, but then force traffic through a central hub. SD-WAN services can help avoid the trade-offs by maintaining the mesh in the cloud, freeing the edge nodes from needing the compute and memory resource. You’ll still want to look at large scale management and configuration tools.

Application Performance

Traditional WAN devices are adding hybrid WAN or SD-WAN features, and application acceleration is being integrated into various SD-WAN products. The benefits of application acceleration are dependent on the interaction between acceleration technique, application, and network conditions such as latency, bandwidth, loss, and jitter.

If you’re looking for an SD-WAN solution which will provide application acceleration, you’ll need to test the applications under real-world network conditions to determine which solution is best for your company’s network.

Security

Part of network security means taking steps to protect data in flight. This means traffic encryption and node authentication – something that all SD-WANs should provide.

Any test of system security requires an evaluation of all available ports and communications methods for vulnerabilities. Passwords need to be tested for resistance to cracking, and system behavior must be observed when overloaded (by a denial of service (DOS) attack, for example).

Be aware of the security issues in any SD-WAN deployment and make sure you look at them carefully. If the SD-WAN leverages partners for security, check at the ease of deployment and sophistication of management. Look at security both outward facing and inward facing. Can you incorporate a WAN firewall into your SD-WAN easily? If so, how?